[ FOR ARTISTS ]
Proof you can show.
The seal gives creators a public way to say: a real person made or led this work, and there is a certificate attached to the exact audio master.
WHY
·
TRACKORIGIN
·
POSITION PAPER
·
2026
·
EN
[ THE CASE FOR PROVENANCE ]
THE MISSING
ORIGIN LAYER
FOR MUSIC.
Music now has three realities living in the same feeds: fully human-made, human-led AI-assisted, and fully generated. TrackOrigin is the proof layer that tells people which is which — not by guessing from the audio, but by verifying the human relationship to the work.
PAID STREAMING USERS · IFPI 2026
837M
GLOBAL STREAMS · LUMINATE 2025
5.1T
DEEZER UPLOADS NOW AI · APR 2026
44%
FAILED AI BLIND TEST · IPSOS 2025
97%
[ §01 — WHERE IT FITS ]
WHERE TRACKORIGIN FITS.
Music already has distribution rails. It does not yet have a universal proof layer for human authorship.
ISRC identifies the recording. DDEX moves release metadata. DSPs distribute and monetise the catalogue. Rights bodies manage ownership and royalties. C2PA and Content Credentials describe the tool chain. But none of those systems, by themselves, prove that the named human actually made, performed, produced, wrote, or meaningfully directed the track.
That is the gap TrackOrigin fills: a portable authorship-provenance layer that sits between the finished audio file and the places where music is judged, uploaded, licensed, streamed, signed, promoted and trusted.
It is the missing answer to a question the existing system was not designed to ask: can the human author credibly demonstrate authorship of this exact recording?
AUDIO
The master file
What the listener hears. The artefact. Not enough on its own.
METADATA
ISRC, DDEX, credits, release data
What the industry systems read. Useful, but mostly declarative.
TRACKORIGIN
Human authorship proof
Who demonstrated authorship, what was verified, what AI use was declared, and which exact master the proof is bound to.
DISTRIBUTION
DSPs, catalogues, profiles, sync, fans
Where the signal travels: ingestion, artist pages, track rows, EPKs, label review, fan trust and catalogue hygiene.
[ FOR PLATFORMS ]
A clean trust signal.
DSPs, distributors and catalogues can use TrackOrigin as one input for ingestion review, artist-page trust, ranking context, fraud systems and catalogue hygiene.
[ FOR THE INDUSTRY ]
A portable standard.
Labels, sync teams, rights bodies and partners get a visible, verifiable layer that travels with the track rather than staying trapped inside a private database.
[ §02 — INDUSTRY CHANGED ]
THE INDUSTRY HAS CHANGED.
The recorded music market is no longer dealing with scarcity. It is dealing with overflow.
The IFPI's Global Music Report 2026 put global recorded music revenue at USD $31.7 billion in 2025, with 837 million paid streaming subscribers and the industry's eleventh consecutive year of growth. Streaming alone surpassed USD $22 billion, representing 69.6% of total recorded music revenue.
Growth in 2025 was global. Latin America led at +17.1%, followed by the Middle East and North Africa at +15.2%, Sub-Saharan Africa at +15.2%, and Asia at +10.9%. Every IFPI region recorded growth — the first time on record. Luminate tracked 5.1 trillion global music streams in 2025 — a single-year record, up 9.6% year on year — with new ISRCs arriving at roughly 99,000 to 107,000 every 24 hours.
The flood of synthetic content is now structural, not marginal.
Deezer disclosed in April 2026 that it now receives nearly 75,000 fully AI-generated tracks per day — 44% of its total daily delivery. That figure scaled from 10,000/day in January 2025, to 30,000/day in September 2025, to 50,000/day in November 2025, to 75,000/day in April 2026. The platform classifies 85% of streams on AI-generated music as fraudulent and demonetises them.
Spotify removed more than 75 million tracks for spam and low-quality content in the twelve months before September 2025. Bandcamp banned AI-generated music outright. In April 2026, an AI-generated track topped the iTunes charts in the US, UK, France, Canada and New Zealand simultaneously.
The industry needs a way to separate human-made, human-led AI-assisted, and fully generated music without relying only on guesswork, self-declaration or opaque audio classifiers.
[ §03 — THREE KINDS OF CREATION ]
THREE KINDS OF CREATION NOW SHARE THE SAME STAGE.
[ TYPE 01 ]
Human-made music
Written, performed, produced or meaningfully directed by a person. Tools may still be involved, but the creative identity, performance, decisions and authorship remain human-led.
NUANCED CASE
[ TYPE 02 ]
Hybrid AI-assisted music
Human creation supported by AI tools: stem separation, mastering, idea generation, arrangement help, vocal cleanup, sound design, lyric sketches or workflow acceleration. The question is not whether software was used. The question is whether the human author can honestly explain and demonstrate the role they played.
[ TYPE 03 ]
Fully generated music
Music substantially created by generative systems (Suno, Udio and similar) with little or no human authorship beyond prompting, selection or upload. This music may have a place, but it should not be confused with human performance, human craft, or human-led authorship.
[ §04 — WHY HUMAN MATTERS ]
WHY KNOWING IT IS HUMAN MATTERS.
Music is not just content. It uses biological systems built for voice, timing, arousal, prediction, memory, movement and reward. Mammalian ears and vocal signals have been shaped together; human music then turns those older systems into culture.
That does not mean every human-made song is good. It means the human act of making music has value in itself. A voice breaking on a take, a drummer pushing the pocket, a rapper changing a line because it felt false, a producer rebuilding a hook at 2 a.m. — those things are not metadata. They are the work.
When music can be generated instantly, proof of human origin becomes part of the meaning of the music. Fans can choose to support people. Labels can make better decisions. Sync teams can reduce legal and reputation risk. Platforms can separate credible human work from spam and automated catalogue flooding.
TrackOrigin exists because the market needs a way to preserve the human premium without pretending technology does not exist.
BIOLOGY
ACOUSTIC COMMUNICATION · VERTEBRATE EVOLUTION
Sound carries social meaning.
Acoustic communication is ancient across vertebrates, and mammalian vocal signals and hearing sensitivity show evidence of co-evolution. Music sits on top of that inherited sound-recognition stack.
REWARD
MUSIC NEUROSCIENCE · REWARD CIRCUITRY
Music reaches reward circuitry.
Neuroscience studies link music pleasure to dopamine, anticipation, reward valuation and auditory-reward network interaction. Powerful audio can be human, synthetic or hybrid; provenance tells people which origin they are trusting.
BONDING
SOCIAL SYNCHRONY · DEVELOPMENTAL RESEARCH
Music is a social act.
Cross-cultural and developmental research links song, rhythm, synchrony and social attention. The human origin of music is not decorative context. It is part of what many listeners, labels and communities value.
[ §05 — DISCLOSURE IS NOT VERIFICATION ]
DISCLOSURE IS NOT VERIFICATION.
A checkbox can say AI was used. A label can say "human-made." A distributor field can ask for disclosure. A detector can estimate whether a file looks synthetic. Those systems are useful, but none of them alone proves that the named human actually made the work.
Self-declaration is too weak for a market where fake identity, voice cloning, spam uploads, synthetic impersonation and mass-generated catalogues are all commercially useful to bad actors.
TrackOrigin sits one layer deeper. It tests the relationship between the person, the track, the declared process and the evidence of making. It asks whether the named human can credibly demonstrate authorship under live, track-specific conditions.
The question is not only: does this sound AI-generated? The better question is: can the claimed author prove a credible human relationship to this exact file?
[ §06 — RELATIONSHIP TO C2PA & CONTENT CREDENTIALS ]
TRACKORIGIN SITS ABOVE
THE TOOL CHAIN.
TrackOrigin does not replace C2PA, Content Credentials, content watermarking, audio fingerprinting or AI detection. It addresses a question those systems were not built to answer.
The Coalition for Content Provenance and Authenticity (C2PA), formed in 2021 by Adobe, Microsoft, BBC, Intel, Arm, Truepic and Sony under the Linux Foundation, provides a powerful open standard for content provenance. Cryptographic assertions bind metadata about capture devices, editing software, ingredients and export chains to a file. The C2PA Conformance Program and official Trust List launched in mid-2025; version 2.3 of the specification was released in January 2026.
For media that begins inside a single sensor — a camera, a microphone, a field recorder — that signing chain is elegant and rigorous. Sony's Camera Verify (June 2025), the Samsung Galaxy S25 and the Google Pixel 10 now sign natively at capture. LinkedIn, TikTok and Cloudflare preserve credentials at scale.
Music is rarely built that way. A finished master is the aggregation of takes, samples, software instruments, mix decisions, plugins, AI tools and bounces, often spanning months and multiple collaborators across separate environments. A C2PA chain on a music export can document which tools touched the file. It cannot, on its own, answer whether a human meaningfully made it.
TrackOrigin sits at a different layer. It is evaluative, not descriptive. It tests the relationship between the named human and the finished master — through declaration, live session evidence, identity continuity and cryptographic binding to the audio — and produces a verdict that can travel as metadata alongside everything else.
A track can carry both: C2PA assertions about its production chain, and a TrackOrigin certificate about its human authorship. Together they give the music industry the complete provenance stack a synthetic-media era requires.
CATEGORY
C2PA / CONTENT CREDENTIALS
TRACKORIGIN
VERIFIES
Capture device, editing chain, ingredients
Human authorship of the finished master
ATTESTED BY
Hardware modules and signing software
The named human author
OPTIMISED FOR
Image, video, single-sensor capture
Audio masters, aggregated multi-source
OUTPUT
Edit and provenance history
Verdict, certificate and signed manifest
CORE QUESTION
What tools touched this file?
Can the named human prove they made it?
Both standards are complementary. A track can — and in many cases should — carry both.
[ §07 — REGULATORY LANDSCAPE ]
AUTHORSHIP IS NOW
A REGULATORY QUESTION.
Three major jurisdictions now require some form of AI-content disclosure. The detail differs. The direction is consistent — and the music industry sits squarely inside it.
[ CHINA · CAC ]
JAN 2023 · SEP 2025
First to label.
China was first to mandate labelling of synthetic content. The Provisions on the Administration of Deep Synthesis Internet Information Services took effect 10 January 2023, requiring watermarking of AI-manipulated audio, video, image and text. The Cyberspace Administration's Measures for Labelling AI-Generated Content followed on 1 September 2025, with the mandatory national standard GB 45438-2025 imposing both explicit (visible) and implicit (metadata) labels on all AI-generated music, audio, text and video distributed on Chinese platforms.
ENFORCEABLE 2 AUG 2026
[ EUROPEAN UNION ]
REG (EU) 2024/1689 · ARTICLE 50
Article 50 transparency.
The EU AI Act introduces transparency obligations covering all providers and deployers of AI systems generating synthetic content, including audio. Article 50(2) requires outputs of generative systems to be marked in a machine-readable format and detectable as artificially generated. The Commission's draft Code of Practice on the Transparency of AI-Generated Content (December 2025) specifies that no single marking technique is sufficient — a multi-layered approach of embedded metadata, watermarks and fingerprinting is mandated. Article 50 becomes enforceable on 2 August 2026.
[ UNITED STATES · CA ]
SB 942 · JAN 2026
State-level provenance.
California's SB 942 (California AI Transparency Act) took effect in January 2026, mandating provenance disclosure for AI-generated content distributed in the state. Federal-level US action remains under development at the FTC and Copyright Office, with separate state laws in Tennessee (the ELVIS Act, voice and likeness), Colorado and others creating an emerging patchwork that catalogue holders and DSPs must now navigate.
The industry itself is also formalising disclosure.
DDEX — the music industry's metadata standards consortium — finalised a dedicated AI disclosure standard for music credits in 2025. Spotify and leading distributors (Amuse, Believe, CD Baby, DistroKid, Empire, FUGA, IDOL and others) have publicly committed to adopting it.
The pattern is consistent across every jurisdiction listed above: regulators are demanding disclosure of AI involvement. Platforms are demanding tagging. Distributors are demanding metadata.
None of those are verification. They establish what a release claims about itself. They do not establish whether the claim holds.
[ §08 — WHO NEEDS THE SIGNAL ]
WHO NEEDS A HUMAN-MADE SIGNAL.
[ ARTISTS ]
Show the work is yours.
Put the Origin Seal on your website, EPK, track page, profile, link-in-bio, social campaign, press kit, fan community and pitch deck. Let people know there is a real person behind the record.
[ LABELS ]
Reduce signing risk.
Verify that the artist, producer or band can demonstrate credible authorship before investment, rollout, sync pitching or catalogue acquisition.
[ DSPS ]
Add a provenance signal.
Use verified human-made status as a trust layer for ingestion, recommendations, editorial review, fraud systems, artist pages and listener transparency.
[ DISTRIBUTORS ]
Separate artists from spam.
Give real artists a way to stand apart from mass-uploaded synthetic catalogues, fake credits, duplicate tracks and low-effort royalty abuse.
[ SYNC & BRANDS ]
Protect campaigns.
When music is used in film, games, ads or creator campaigns, brands need confidence that the human story behind the track is real and defensible.
[ FANS ]
Support real people.
Fans should be able to choose human-made music when they care about the artist, the story, the craft and the labour behind the sound.
[ §10 — THE SEAL TRAVELS ]
THE SEAL TRAVELS WITH THE MUSIC.
A TrackOrigin verification is not meant to live only inside TrackOrigin. The point is portability. The seal can appear wherever the music is being judged, promoted, bought, licensed, streamed, pitched or discovered.
- Artist websites and band websites
- EPKs, press kits and pitch decks
- Social profiles and link-in-bio pages
- Label and distributor dashboards
- DSP artist pages and ingestion systems
- Sync, licensing and catalogue review workflows
[ §11 — PLATFORM POSITIONS ]
THE MARKET IS ALREADY MOVING.
The major music platforms have started taking visible positions on synthetic content. The approaches differ. The direction is unanimous: AI involvement must be disclosed, identity protected, and human creators distinguished from fraud.
[ DEEZER ]
JAN 2025 — APR 2026
Platform-level detection and tagging.
Deezer launched a patent-pending AI music detection tool in January 2025 and became the first streaming platform in the world to explicitly tag AI-generated music at the platform level in June 2025. As of April 2026, it tags fully AI-generated tracks at ingestion, excludes them from editorial playlists and algorithmic recommendations, has detected approximately 13.4 million such tracks since launch, and reports that 85% of streams on AI tracks are fraudulent.
[ SPOTIFY ]
SEP 2025
DDEX disclosure, voice-clone ban, spam filter.
Spotify announced its AI policy on 25 September 2025, removing more than 75 million spam tracks in the preceding twelve months and adopting the DDEX industry standard for AI disclosure in music credits. Unauthorised AI voice clones of real artists are banned. A new spam filter targets mass uploads, duplicates and SEO manipulation. Major distributors (Amuse, Believe, CD Baby, DistroKid, Empire, FUGA, IDOL) are participating in the DDEX rollout.
[ APPLE MUSIC ]
2025 — 2026
Distributor-level disclosure.
Apple Music accepts AI-assisted music with disclosure handled at the distributor level. No standalone public AI policy has been published as of early 2026; enforcement runs through distributor partner agreements. Unauthorised AI voice clones of real artists are prohibited. The "Heart on My Sleeve" voice-clone removal in 2023 set the precedent.
[ BANDCAMP & QOBUZ ]
2025 — FEB 2026
Outright ban and detection tagging.
Bandcamp banned AI-generated music outright in 2025. Qobuz followed Deezer's lead in February 2026 with platform-level AI tagging using its own proprietary detection. The purist tier of streaming is consolidating around stricter positions than the majors.
[ §12 — A STANDARD ANYONE CAN USE ]
A STANDARD ONLY WORKS IF ANYONE CAN USE IT.
TrackOrigin is built for a world where proof has to move. An independent rapper in Lagos should be able to show it on a profile page. A band in São Paulo should be able to put it on a website. A label in Berlin should be able to check it before signing. A DSP in Tokyo should be able to verify it at ingestion. A fan anywhere should be able to click the Origin Seal and understand what it means.
The standard has to be visible, verifiable and portable across language, script, region and platform.
That is why TrackOrigin is built around three connected artefacts: the certificate, the public verification page and the embeddable Origin Seal.
The goal is simple: when music is human-made, or human-led, creators should be able to prove it with more than a claim.
[ §13 — COMMON MISCONCEPTIONS ]
THE OBJECTIONS,
ANSWERED PLAINLY.
A standard worth adopting earns it by answering its hardest questions in public.
M.01
Isn't this just gatekeeping who counts as a "real" artist?
TrackOrigin makes no judgment about genre, taste, commercial value or technique. It tests a single question — can the named human credibly demonstrate authorship of this exact recording? A bedroom producer in FL Studio runs the same verification path as a major-label band in a residential studio. The standard is about provenance, not prestige.
M.02
What about anonymous artists, pseudonyms, ghostwriters and session players?
Verification protects identity continuity without forcing public identity. A certificate can be issued under a stage name or pseudonym. Ghostwriter contributions, co-writes, session performances and producer credits are declared in the creation manifest and reflected in the verdict. The standard is designed to accommodate how music is actually made — including under cover.
M.03
Doesn't AI-generated music have a legitimate place?
Yes. TrackOrigin does not ban AI, restrict its use or pretend it doesn't exist. The standard exists to distinguish — clearly and honestly — between human-made, human-led AI-assisted, and fully generated music. A fully generated track simply receives a different verdict. It can still exist, be sold, be streamed and be marketed truthfully.
M.04
Won't verification slow down release workflows?
End-to-end verification typically completes in well under fifteen minutes, with a live session of sixty to one hundred and twenty seconds. For most artists this is faster than uploading a master to a distributor. For catalogues and labels, batch and API workflows handle scale without forcing per-track friction.
M.05
Is this only built for English-language Western music?
The methodology is language-agnostic and culturally neutral. Live session prompts adapt to the declared instruments, role, genre and tradition. The Deezer × Ipsos study cited in this paper covered eight countries across four continents — including Brazil and Japan — and found near-universal listener inability to identify AI music regardless of region. The standard is designed for global adoption from day one, including non-Latin scripts, oral and percussive traditions, regional production methods, and artists outside English-speaking markets.
M.06
What if an artist with verified work later releases AI-generated work?
Each certificate binds to a specific audio master through a SHA-256 hash. A new track requires its own verification with its own verdict. Existing certificates remain valid for the specific masters they cover. Fraud, misrepresentation or material declaration errors can result in formal revocation, with a clear public record of the change.
[ NEXT STEPS ]
WHEREVER YOU SIT
IN THE STACK.
The argument is the easy part. Action depends on the row you read this from.
[ IF YOU ARE AN ARTIST ]
Verify a track.
Run the verification flow on a finished master. First 15 verifications free, no credit card, around fifteen minutes each.
Get verified →[ IF YOU ARE A LABEL OR DISTRIBUTOR ]
Adopt for catalogue.
Use TrackOrigin for signing diligence, catalogue acquisition, release rollout and synthetic-spam separation. Batch and bulk pricing available.
Talk to TrackOrigin →[ IF YOU ARE A DSP OR PLATFORM ]
Integrate the standard.
Accept the certificate fields. Store them against the recording. Verify the manifest signature. Surface the signal where it builds trust.
See the adoption path →[ IF YOU ARE A FAN OR JOURNALIST ]
Check a certificate.
Look up any track that displays the Origin Seal. Confirm the verdict, the master hash, the issuer key and the verification record.
Open the verifier →[ SOURCES ]
PUBLIC DATA BASIS.
Every figure cited in this paper is drawn from public industry, regulatory and peer-reviewed sources, listed below. Current to mid-2026.
- IFPI Global Music Report 2026, released 18 March 2026 — global recorded music revenues ($31.7B), regional growth (LatAm +17.1%, MENA +15.2%, SSA +15.2%, Asia +10.9%), paid subscriber counts (837M).
- Luminate 2025 Year-End Music Report — global streaming volume (5.1T), ISRC delivery rate, catalogue and consumption data.
- Deezer newsroom statements, January 2025 – April 2026 — AI music delivery, detection, tagging and platform-level enforcement data.
- Deezer × Ipsos AI Music Recognition Study, November 2025 — survey of 9,000 respondents across 8 countries (US, Canada, Brazil, UK, France, Netherlands, Germany, Japan).
- Spotify newsroom announcement, 25 September 2025 — AI disclosure policy, DDEX adoption, spam-track removal totals.
- C2PA Technical Specification, v2.3 (released January 2026) and Content Credentials Explainer — Coalition for Content Provenance and Authenticity, Linux Foundation.
- European Union AI Act (Regulation (EU) 2024/1689), Article 50 transparency obligations — and the European Commission's draft Code of Practice on the Transparency of AI-Generated Content, December 2025.
- California SB 942 (California AI Transparency Act), effective January 2026.
- Cyberspace Administration of China — Provisions on the Administration of Deep Synthesis Internet Information Services (effective 10 January 2023) and Measures for Labelling AI-Generated Content (effective 1 September 2025), with the national standard GB 45438-2025.
- DDEX AI disclosure standard for music credits, finalised 2025; Digital Data Exchange consortium.
- Music Business Worldwide, Music Ally, Billboard and TechCrunch industry coverage, 2024 – 2026.
- Peer-reviewed research on acoustic communication, mammalian vocal/hearing co-evolution, music reward neuroscience, and cross-cultural research on song, synchrony and social bonding.
[ PROTECT THE HUMAN SIGNAL ]
IF HUMANS
MADE IT,
PROVE IT.
Verify your track, publish the Origin Seal, and let fans, labels, platforms and partners know there is a real person behind the music.